Secureboot: Enable verifying OPAL Payload before starting instructions

For Enterprise systems that will boot OPAL, hostboot code will now securely verify the OPAL payload before starting instructions if secureboot is enabled. Change-Id: I1c392758f90c4a886d2a7731d78980bdaa21837f RTC:187304 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/80818 Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Zachary Clark <zach@ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G Hoffa <wghoffa@us.ibm.com>
open-power · Jul 27, 2019 · bcd6d6f · bcd6d6f
1 parent beeb7f5
commit bcd6d6f
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/usr/isteps/istep21/call_host_runtime_setup.C b/src/usr/isteps/istep21/call_host_runtime_setup.C
@@ -290,8 +290,8 @@ errlHndl_t verifyAndMovePayload(void)
         break;
     }
 
-    // If in Secure Mode Verify PHYP at Temporary TCE-related Memory Location
-    if (SECUREBOOT::enabled() && is_phyp)
+    // If in Secure Mode Verify Payload at Temporary TCE-related Memory Location
+    if (SECUREBOOT::enabled())
     {
         TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace,"verifyAndMovePayload() "
                    "Verifying PAYLOAD: physAddr=0x%.16llX, virtAddr=0x%.16llX",